StriD²FA: Scalable Regular Expression Matching for Deep Packet Inspection
Author: Xiaofei Wang, Junchen Jiang, Yi Tang, Bin Liu, and Xiaojun Wang

Presentation transcript:

StriD²FA: Scalable Regular Expression Matching for Deep Packet Inspection
Author: Xiaofei Wang, Junchen Jiang, Yi Tang, Bin Liu, and Xiaojun Wang
Publisher: 2011 IEEE International Conference on Communications
Presenter: Ching-Hsuan Shih
Date: 2014/06/11
Department of Computer Science and Information Engineering, National Cheng Kung University, Taiwan R.O.C.

Outline
Introduction
Related Work
System Design Principles and Challenges
Building StriD²FAs from Regex
Optimization of False Positive
Evaluation
National Cheng Kung University CSIE Computer & Internet Architecture Lab

Introduction (1/2)
Signature-based deep packet inspection has taken root as a dominant security mechanism in networking devices and computer systems. Regular expressions are more expressive than simple patterns of strings and therefore able to describe a wider variety of payload signatures.

Introduction (2/2)
A novel length-based matching (LBM) is presented for accelerating regex matching. LBM has a DFA-like matcher called Stride-DFA (StriD²FA). LBM can cause false positives.

Related Work
Dharmapurikar et al. presented a scheme [7] that can process multiple characters per clock cycle using Bloom filters. A recent method [4] introduces sampling techniques to accelerate regex matching, but not all kinds of regex are supported.

System Design Principles and Challenges (1/5)
A. Converting input stream into stride lengths (SL) stream
In this manner, any SL sent to a StriD²FA must be in a finite alphabet set Σ = {1, …, w}.

System Design Principles and Challenges (2/5)
B. An Example of StriD²FA
Suppose the regex rule is “.*abba.{2}caca”. Here ‘a’ is chosen as the tag and the window size is 3.
i. F_a(.*abba) = (1 | 2 | 3)+ 3
ii. F_a(.{2}caca) = | | |
iii. Finally the regex F_a(.*abba.{2}caca) = (1 | 2 | 3)+ 3 (3 1 2 | | | ), where the alphabet set is {1, 2, 3}.

System Design Principles and Challenges (3/5)
Given a byte stream T = “abcababbabccacabc”. It is first converted into SL stream F_a(T) =
It is matched by the StriD²FA, and then the input stream is sent to the verification module to make an accurate match by using some traditional methods (e.g., reversed DFA in [4]).
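The conversion and two-stage match from the example above, as an added Python example that is not from the paper or the slides. It assumes stride counting starts at the first byte of the stream and reads the "+" in F_a(.*abba) as one-or-more; sl_stream, sl_alternatives, lbm_match and the DECOY and BENIGN inputs are constructed for this example, and Python's re module stands in for the verification module.

```python
import re
from itertools import product

TAG, W = "a", 3                               # tag and window size from the slide
RULE = re.compile(r".*abba.{2}caca", re.S)    # regex rule from the slide

def sl_stream(data, tag=TAG, w=W):
    """Convert a byte stream into stride lengths over the alphabet {1..w}.
    Assumption: counting starts at the first byte, and a symbol is emitted
    when the tag is seen or when w bytes pass without one."""
    out, dist = [], 0
    for ch in data:
        dist += 1
        if ch == tag or dist == w:
            out.append(str(dist))
            dist = 0
    return "".join(out)

def sl_alternatives(segment, tag=TAG, w=W):
    """SL strings for a fixed-length segment that directly follows a tag.
    Each '.' is tried as the tag and as a non-tag byte (NUL stands in)."""
    alts = set()
    for choice in product((tag, "\x00"), repeat=segment.count(".")):
        fill = iter(choice)
        concrete = "".join(next(fill) if c == "." else c for c in segment)
        alts.add(sl_stream(tag + concrete, tag, w)[1:])  # drop the leading tag's "1"
    return alts

# Prefix "(1|2|3)+ 3" is the slide's F_a(.*abba), reading "+" as one-or-more
# (assumption); the tail alternatives are computed here, not taken from the page.
SL_RULE = re.compile("[1-3]+3(?:%s)" % "|".join(sorted(sl_alternatives("..caca"))))

def lbm_match(data):
    """Return (flagged by the SL filter, confirmed by exact verification)."""
    flagged = SL_RULE.search(sl_stream(data)) is not None
    confirmed = flagged and RULE.search(data) is not None
    return flagged, confirmed

T = "abcababbabccacabc"               # byte stream from the slide
DECOY = T.replace("b", "x")           # constructed: same tag positions, no "abba"
BENIGN = "GET /index.html HTTP/1.1"   # constructed: contains no tag byte

if __name__ == "__main__":
    for name, data in (("T", T), ("DECOY", DECOY), ("BENIGN", BENIGN)):
        print(name, sl_stream(data), lbm_match(data))
```

T is flagged and confirmed, while DECOY produces the same SL stream as T, so the filter flags it and only the verification stage rejects it.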

System Design Principles and Challenges (4/5)
C. Benefits of LBM
Increased speed: According to the statistics in Section VI, average SLs of some characters are larger than 100.
Small memory consumption: Firstly, the number of states is generally less than in a traditional DFA (e.g., StriD²FA has 5 fewer states than the traditional DFA in Figure 2). Secondly, the fanout of each state is controlled by the window size.

System Design Principles and Challenges (5/5)
D. Challenges
Regex converting: In Section IV, a formal method to efficiently construct StriD²FA from any regex is described.
False positive rate

Building StriD²FAs from Regex (1/2)
1. Compile Regex to standard DFA.
2. Restructure the DFA by classifying all the transitions. All labels are removed from the transitions, and each transition is marked according to whether its character is the tag (solid transition if true and dashed transition otherwise).

Building StriD²FAs from Regex (2/2)
3. Transform the restructured DFA to a non-deterministic StriD²FA by the depth first search (DFS) algorithm. If a solid transition (pointing to state q’) is reachable in L steps where L ≤ w, add a transition labeled L from q to q’. Otherwise (i.e., there is an all-dashed-transition path of length w to state q’), add a transition labeled w from q to q’.
4. Determinize to the final StriD²FA (similar to the determinization in traditional DFA).
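Steps 1 to 4 carried through for the sub-rule .*abba with tag 'a' and window 3, as an added Python example that is not the authors' code. Assumptions: the three-letter alphabet, the function names and a prefix-matching DFA standing in for a general regex compiler are choices made for this example, and the dashed edges are explored level by level rather than by DFS, which yields the same transitions.

```python
TAG, W, ALPHABET = "a", 3, "abc"   # tag and window from the slides; alphabet is constructed

def literal_dfa(pat, alphabet=ALPHABET):
    """Step 1 for a rule '.*<pat>': state = length of the longest prefix of
    pat that is a suffix of the input read so far; len(pat) is accepting."""
    def step(s, ch):
        seen = pat[:s] + ch
        return max(k for k in range(len(pat) + 1) if seen.endswith(pat[:k]))
    return {s: {ch: step(s, ch) for ch in alphabet} for s in range(len(pat) + 1)}

def sl_nfa(dfa, tag=TAG, w=W):
    """Steps 2-3: from each state q follow non-tag (dashed) edges for up to
    w steps; a tag (solid) edge taken as step L gives q --L--> q', and an
    all-dashed path of length w gives q --w--> q'."""
    nfa = {}
    for q in dfa:
        frontier = {q}
        for L in range(1, w + 1):
            solid = {dfa[s][tag] for s in frontier}
            frontier = {t for s in frontier for ch, t in dfa[s].items() if ch != tag}
            nfa[q, L] = solid | (frontier if L == w else set())
    return nfa

def determinize(nfa, w=W, start=0):
    """Step 4: subset construction over the SL alphabet {1..w}."""
    first = frozenset({start})
    table, todo = {}, [first]
    while todo:
        cur = todo.pop()
        if cur not in table:
            table[cur] = {L: frozenset(t for q in cur for t in nfa[q, L])
                          for L in range(1, w + 1)}
            todo.extend(table[cur].values())
    return first, table

def flags(first, table, accept, sls):
    """True if the SL stream reaches a subset containing the accept state."""
    cur = first
    for L in sls:
        cur = table[cur][L]
        if accept in cur:
            return True
    return False

DFA = literal_dfa("abba")                 # byte-level DFA for .*abba
FIRST, TABLE = determinize(sl_nfa(DFA))   # reachable StriD2FA states

if __name__ == "__main__":
    print(len(DFA), len(TABLE), flags(FIRST, TABLE, 4, [1, 3]))
```

For this sub-rule the determinized automaton has 4 states against 5 in the DFA, and it flags exactly the SL streams in which a 3 follows at least one earlier symbol, which agrees with F_a(.*abba) = (1 | 2 | 3)+ 3 on the example slide.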

Optimization of False Positive

Evaluation (1/2)

Evaluation (2/2)